3.7 C
New York
Friday, January 12, 2024

PDF Phishing: Past the Bait

By Lakshya Mathur & Yashvi Shah 

Phishing attackers intention to deceive people into revealing delicate data for monetary achieve, credential theft, company community entry, and spreading malware. This methodology typically entails social engineering techniques, exploiting psychological components to control victims into compromising actions that may have profound penalties for private and organizational safety.

Over the past 4 months, McAfee Labs has noticed a rising development within the utilization of PDF paperwork for conducting a succession of phishing campaigns. These PDFs had been delivered as electronic mail attachments.

Attackers favor utilizing PDFs for phishing as a result of file format’s widespread trustworthiness. PDFs, generally seen as reliable paperwork, present a flexible platform for embedding malicious hyperlinks, content material, or exploits. By leveraging social engineering and exploiting the familiarity customers have with PDF attachments, attackers enhance the probability of profitable phishing campaigns. Moreover, PDFs provide a method to bypass electronic mail filters that will deal with detecting threats in different file codecs.

The noticed phishing campaigns utilizing PDFs had been numerous, abusing varied manufacturers equivalent to Amazon and Apple. Attackers typically impersonate well-known and trusted entities, growing the possibilities of luring customers into interacting with the malicious content material. Moreover, we are going to delve into distinct kinds of URLs utilized by attackers. By understanding the themes and URL patterns, readers can improve their consciousness and higher acknowledge potential phishing makes an attempt.

 Determine 1 – PDF Phishing Geo Heatmap displaying McAfee clients focused in final 1 month

Completely different Themes of Phishing

Attackers make use of a variety of company themes of their social engineering techniques to entice victims into clicking on phishing hyperlinks. Notable manufacturers equivalent to Amazon, Apple, Netflix, and PayPal, amongst others, are sometimes mimicked. The PDFs are fastidiously crafted to induce a way of urgency within the sufferer’s thoughts, using phrases like “your account must be up to date” or “your ID has expired.” These techniques intention to control people into taking immediate motion, contributing to the success of the phishing campaigns.

Beneath are a number of the examples:

Determine 2 – Faux Amazon PDF Phish

Determine 3 – Faux Apple PDF Phish

Determine 4 – Faux Inside Income Service PDF Phish

Determine 5 – Faux Adobe PDF Phish

Beneath are the stats on the quantity of varied themes we have now seen in these phishing campaigns.

Determine 6 – Completely different themed marketing campaign stats based mostly on McAfee clients hits in final 1 month

Abuse of LinkedIn and Google hyperlinks

Cyber attackers are exploiting the favored skilled networking platform LinkedIn and leveraging Google Apps Script to redirect customers to phishing web sites. Allow us to look at every methodology of abuse individually.

Within the case of LinkedIn, attackers are using good hyperlinks to avoid Anti-Virus and different safety measures. Sensible hyperlinks are integral to the LinkedIn Gross sales Navigator service, designed for monitoring and advertising and marketing enterprise accounts.

Determine 7 – LinkedIn Sensible hyperlink redirecting to an exterior web site

By using these good hyperlinks, attackers redirect their victims to phishing pages. This strategic strategy permits them to bypass conventional safety measures, as the usage of LinkedIn as a referrer provides a component of legitimacy, making it more difficult for safety programs to detect and block malicious exercise.

Along with exploiting LinkedIn, attackers are leveraging the performance of Google Apps Script to redirect customers to phishing pages. Google Apps Script serves as a JavaScript-based improvement platform used for creating internet functions and varied different functionalities. Attackers embed malicious or phishing code inside this platform, and when victims entry the related URLs, it triggers the show of phishing or malicious pages.

Determine 8 – Amazon pretend web page displayed on accessing Google script URL

As proven in Determine 8, when victims click on on the “Proceed” button, they’re subsequently redirected to a phishing web site.


Crafting extremely convincing PDFs mimicking reliable corporations has turn out to be effortlessly achievable for attackers. These meticulously engineered PDFs create a way of urgency by way of skillful social engineering, prompting unsuspecting clients to click on on embedded phishing hyperlinks. Upon taking the bait, people are redirected to misleading phishing web sites, the place attackers request delicate data. This subtle tactic is deployed on a worldwide scale, with these convincing PDFs distributed to hundreds of consumers worldwide. Particularly, we highlighted the growing use of PDFs in phishing campaigns over the previous 4 months, with attackers adopting numerous themes equivalent to Amazon and Apple to use person belief. Notably, phishing techniques lengthen to standard platforms like LinkedIn, the place attackers leverage good hyperlinks to redirect victims to phishing pages, evading conventional safety measures. Moreover, Google Apps Script is exploited for its JavaScript-based performance, permitting attackers to embed malicious code and direct customers to misleading web sites.


Defending oneself from phishing requires a mix of consciousness, warning, and safety practices. Listed below are some key steps to assist safeguard in opposition to phishing:

  • Be Skeptical: Train warning when receiving unsolicited emails, messages, or social media requests, particularly these with pressing or alarming content material.
  • Confirm Sender Identification: Earlier than clicking on any hyperlinks or offering data, confirm the legitimacy of the sender. Test electronic mail addresses, domains, and speak to particulars for any inconsistencies.
  • Keep away from Clicking on Suspicious Hyperlinks: Hover over hyperlinks to preview the precise URL earlier than clicking. Be cautious of shortened URLs, and if unsure, confirm the hyperlink’s authenticity straight with the sender or by way of official channels.
  • Use Two-Issue Authentication (2FA): Allow 2FA each time doable. This provides an additional layer of safety by requiring a second type of verification, equivalent to a code despatched to your cell gadget.

McAfee gives protection in opposition to a broad spectrum of lively phishing campaigns, providing safety by way of options equivalent to real-time scanning and URL filtering. Whereas it enhances safety in opposition to varied phishing makes an attempt, customers should stay vigilant and undertake accountable on-line practices together with utilizing McAfee.

Introducing McAfee+

Identification theft safety and privateness to your digital life

Supply hyperlink

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles